Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nexus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-30163
Invision Community prior to 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used t...
1 Github repository
NA
CVE-2024-20348
A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote malicious user to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attack...
1 Article
NA
CVE-2024-20281
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote malicious user to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to...
NA
CVE-2024-20282
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could expl...
NA
CVE-2024-20283
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote malicious user to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerabili...
NA
CVE-2024-20302
A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote malicious user to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant se...
NA
CVE-2022-48629
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read() can r...
NA
CVE-2024-20291
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote malicious user to send traffic that should be blocked through an affected devic...
1 Github repository
8.8
CVSSv3
CVE-2023-50766
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and previous versions allows malicious users to send an HTTP request to an attacker-specified URL and parse the response as XML.
Jenkins Nexus Platform
5.4
CVSSv3
CVE-2023-50767
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and previous versions allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
Jenkins Nexus Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »